If I'm not mistaken, the same trick you mention in "Part 2" can be used to decei... | Hacker News

Hacker Timesnew | past | comments | ask | show | jobs | submit

		ComputerGuru on Oct 6, 2009 \| parent \| context \| favorite \| on: Null-prefix certificate for paypal If I'm not mistaken, the same trick you mention in "Part 2" can be used to deceive the client for any false certificate, not just a null-prefix certificate.

sp332 on Oct 6, 2009 [–]

But you need to have a cert signed by an authority the browser trusts, which is why you need the null-prefix attack.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact